CVE-2008-3626
published 2008-09-11CVE-2008-3626: The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | quicktime | <= 7.4.5 | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |
| apple | quicktime | — | — |